Lines 74-114javascript
74// a flow-revert kill and the next dispatch wave loses the pending resume record, so the task
75// re-dispatches COLD (fresh lane, no resume). That's safe: the healed transcript survives on
76// disk (sanitizeSession wrote it), so a cold re-dispatch can't 400 on a dangling tool_use — it
77// just loses the resume/revert-target carry. Not worth persisting for that narrow window.
78const flowRedispatch = new Map()
79// FL-B2 — per-flow HARD budget ledger (flowId → budget). Accumulates each lane's
80// completed-turn output tokens (onEvent 'result') so the autopilot cap stops the next
81// wave BEFORE overrun. Lives bridge-side because waves dispatch across separate
82// broadcasts; without persistent state the cap can never bite.
83const flowBudgets = new Map()
84import { formatPeek, PEEK, siblingsOf, resolveSibling, crossPostDecision, CROSSPOST, spawnDecision, CROSSROOM, formatPairRoster, crossRoomPostDecision, formatRoomNow } from './cross-terminal.mjs'
85import { turnInFlight } from './update-gate.mjs'
86import { saveSession, flushSession, deleteSession, loadAll, canResume, loadPtyId, savePtyId, loadNames, saveNames, appendDurableEvents, seedDurableEvents, readDurablePage, readDurableOldestSeq, loadSummary, saveSummary } from './session-store.mjs'
87import { stampEvent, makeSeqCounter, maxSeq, seqable, capReplayEvents, chunkReplayEvents, boundEventForBroadcast, inlineImageBlocks } from './event-id.mjs'
88import { makeThrottledTrack } from './presence.mjs'
90// Public client creds (the same anon values the web app ships — safe to embed).
91// Override with TP_SUPABASE_URL / TP_SUPABASE_ANON if you ever need to.
92const SUPABASE_URL = process.env.TP_SUPABASE_URL || 'https://daytvtakmlixpfbbqzjd.supabase.co'
93const WEB_BASE = process.env.TP_WEB_BASE || 'https://thinkpool.io'
94const SUPABASE_ANON = process.env.TP_SUPABASE_ANON || 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImRheXR2dGFrbWxpeHBmYmJxempkIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzgwNTMxNzEsImV4cCI6MjA5MzYyOTE3MX0.zYmz8bHUNEY4STUr2JuXChAsKwxNwkwFHe1Hd0Betqo'
CriticalCritical Secret
Package contains a critical-looking secret pattern.
bridge.mjsView on unpkg · L94 96// Owner access token for AUTHED web writes (currently /api/code-mockup, whip L16).
97// The room-bridge is anon by design; the account supervisor (account.mjs) owns the
98// session, so it hands a fresh owner token in at spawn (TP_ACCESS_TOKEN) and pushes
99// a rotated one over IPC ({ t:'token' }) on each refresh. Stays null for a
100// directly-started bridge with no account login — those writes go unattributed,
101// never owner-spoofed (the server treats a missing/!owner token accordingly).
102let codeAuthToken = process.env.TP_ACCESS_TOKEN || null
104// Per-terminal rolling scrollback (raw chars). Replayed to joining clients.
105// Kept comfortably under realtime payload limits once base64'd.
106const SCROLLBACK_MAX = 120_000
108// node-pty is a native module — loaded lazily so a friendly message shows
109// if it isn't built yet.
110// Structured Claude (the default) runs through the Agent SDK and needs NO PTY,
111// so a failed node-pty build must not block the bridge — it only disables the
112// raw-PTY path (other CLIs / TP_PTY=1), which we flag clearly if it's used.
114try { pty = (await import('node-pty')).default ?? (await import('node-pty')) }